Wednesday, July 11, 2007

Webinar: Cross-Site Request Forgery

For those interested in learning about Cross-Site Request Forgery (CSRF), WhiteHat is hosting a webinar on July 24, 2007 at 11:00 AM PDT. It covers the basics, the ins and outs, and solutions in straightforward terms. If you want to attend, registration is free. The description is below:

Cross-Site Request Forgery (CSRF). Session Riding. Client-Side Trojans. Confused Deputy. Web Trojans. Confused? Every year, for the past several years, the exact same Web attack is discovered, analyzed, and subsequently renamed. Whatever it's called, it all means the same thing: An attacker is forcing an unsuspecting user’s browser to compromise their own banking, eCommerce or other website accounts without the real user’s knowledge.

Attackers have begun to actively exploit CSRF vulnerabilities across the Web. Why now? Because it's incredibly easy and the vast majority of websites are vulnerable to it. How do you stop an attack originating from a “real user,” who appears to be properly logged-in, and making a legitimate request - except that they did not intend to make the request?

About Me

Jeremiah Grossman's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards and been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events, including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!